public static MonoBtlsX509 GetBtlsCertificate(X509Certificate certificate)
{
var impl = certificate.Impl as X509CertificateImplBtls;
if (impl != null)
{
return(impl.X509.Copy());
}
return(MonoBtlsX509.LoadFromData(certificate.GetRawCertData(), MonoBtlsX509Format.DER));
}
void Import(byte[] data)
{
// Does it look like PEM?
if ((data.Length > 0) && (data [0] != 0x30))
{
x509 = MonoBtlsX509.LoadFromData(data, MonoBtlsX509Format.PEM);
}
else
{
x509 = MonoBtlsX509.LoadFromData(data, MonoBtlsX509Format.DER);
}
}
void Initialize()
{
if (certificates != null)
{
return;
}
hashes = new long [collection.Count];
certificates = new MonoBtlsX509 [collection.Count];
for (int i = 0; i < collection.Count; i++)
{
// Create new 'X509 *' instance since we need to modify it to add the
// trust settings.
var data = collection [i].GetRawCertData();
certificates [i] = MonoBtlsX509.LoadFromData(data, MonoBtlsX509Format.DER);
certificates [i].AddExplicitTrust(trust);
hashes [i] = certificates [i].GetSubjectNameHash();
}
}
static void Main(string[] args)
{
if (!MonoBtlsProvider.IsSupported())
{
Console.Error.WriteLine("BTLS is not supported in this runtime!");
Environment.Exit(255);
}
var configPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
configPath = Path.Combine(configPath, ".mono");
var oldStorePath = Path.Combine(configPath, "certs", "Trust");
var newStorePath = MonoBtlsX509StoreManager.GetStorePath(MonoBtlsX509StoreType.UserTrustedRoots);
if (!Directory.Exists(oldStorePath))
{
Console.WriteLine("Old trust store {0} does not exist.");
Environment.Exit(255);
}
if (Directory.Exists(newStorePath))
{
Directory.Delete(newStorePath, true);
}
Directory.CreateDirectory(newStorePath);
var oldfiles = Directory.GetFiles(oldStorePath, "*.cer");
Console.WriteLine("Found {0} files in the old store.", oldfiles.Length);
foreach (var file in oldfiles)
{
Console.WriteLine("Converting {0}.", file);
var data = File.ReadAllBytes(file);
using (var x509 = MonoBtlsX509.LoadFromData(data, MonoBtlsX509Format.DER)) {
ConvertToNewFormat(newStorePath, x509);
}
}
}
protected override MonoBtlsX509 OnGetBySubject(MonoBtlsX509Name name)
{
byte[] raw_data = name.GetRawData(false);
var x509_name = new X500DistinguishedName(raw_data);
using (var certstore = new X509Store(StoreName.Root, Location))
{
try
{
certstore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
}
catch (CryptographicException)
{
return(null);
}
var matches = certstore.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, x509_name.Name, false);
if (matches.Count >= 1)
{
// FIXME: Which one to use if more than 1 match?
return(MonoBtlsX509.LoadFromData(matches[0].RawData, MonoBtlsX509Format.DER));
}
return(null);
}
}
void SetPrivateCertificate(X509CertificateImplBtls privateCert)
{
Debug("SetPrivateCertificate: {0}", privateCert);
ssl.SetCertificate(privateCert.X509);
ssl.SetPrivateKey(privateCert.NativePrivateKey);
var intermediate = privateCert.IntermediateCertificates;
if (intermediate == null)
{
/* Intermediate certificates are lost in the translation from X509Certificate(2) to X509CertificateImplBtls, so we need to restore them somehow. */
var chain = new System.Security.Cryptography.X509Certificates.X509Chain(false);
/* Let's try to recover as many as we can. */
chain.ChainPolicy.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
chain.Build(new System.Security.Cryptography.X509Certificates.X509Certificate2(privateCert.X509.GetRawData(MonoBtlsX509Format.DER), ""));
var elems = chain.ChainElements;
for (int j = 1; j < elems.Count; j++)
{
var cert = elems[j].Certificate;
/* If self-signed, it's a root and should not be sent. */
if (cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData))
{
break;
}
ssl.AddIntermediateCertificate(MonoBtlsX509.LoadFromData(cert.RawData, MonoBtlsX509Format.DER));
}
}
else
{
for (int i = 0; i < intermediate.Count; i++)
{
var impl = (X509CertificateImplBtls)intermediate [i];
Debug("SetPrivateCertificate - add intermediate: {0}", impl);
ssl.AddIntermediateCertificate(impl.X509);
}
}
}
internal X509CertificateImplBtls(byte[] data, MonoBtlsX509Format format)
{
x509 = MonoBtlsX509.LoadFromData(data, format);
}
internal X509CertificateImplBtls(byte[] data, MonoBtlsX509Format format, bool disallowFallback = false)
{
this.disallowFallback = disallowFallback;
x509 = MonoBtlsX509.LoadFromData(data, format);
}